安全中心的默认日志分析工作区？ [英] Default log analytics workspace for Security Center?

问题描述

我很困惑。我有3个日志分析工作区。在第一工作空间"A"中。我有3个虚拟机的自动更新。在第二个"B"中我有10个VM，第三个是"C"。我什么都没有。

I am confused. I have 3 log analytics workspaces. In first workspace "A" I have Automatic Updates with 3 VMs. In second "B" I have 10 VMs and in third "C" I have nothing.

现在我想为所有这些虚拟机创建自定义的Microsoft反恶意软件警报规则。但在安全中心，我需要在自定义警报规则中选择工作区，这是我的问题。我只能选择第三个工作区"C"。现在怎么办？我应该从休息2工作空间"A"移动所有VM
" B"并将它们移动到第三个"C"。然后在VM连接到"C"之后创建规则。工作区？

Now I want to create custom Microsoft Antimalware alert rule for all these VMs. But in Security Center I need to choose workspace in custom alert rule and here is my problem. I can choose only third workspace "C". What now? Should I move all VMs from rest 2 workspaces "A" "B" and move them to this third "C" and then create rule after VMs will be connected to "C" workspace?

还有一件事我不明白。当我检查第三个工作区"C"时安全中心提供给我，安全警报没有数据。但当我查看第二个工作区"B"时我可以看到安全警报数据，安全
中心向我显示。所以这对我来说更加困惑，我不明白安全中心和工作区如何沟通？或者安全中心有一些默认工作区吗？如果是，为什么在自定义警报规则中为我提供了不同于工作区的安全
警报数据存储在？

And one more thing I don´t understand. When I check third workspace "C" that security center offers me, there is no data from security alerts. But when I look to second workspace "B" I can see security alerts data which ones security center show me. So this is even more confusing for me and I don´t understand how security center and workspace communicate? Or is there some default workspace for security center? If yes why in custom alert rules offer me different workspace than security alerts data are stored in?

推荐答案

可以请检查是否工作空间C与您的Azure订阅相关联？此外，您必须具有读取权限才能访问工作区。  

can you please check if workspace C is associated with your Azure Subscription ? Also, you must need read permissions to access the workspace.  

这篇关于安全中心的默认日志分析工作区？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！